-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 Aug 2025 00:19:58 +0200
Source: cpp-httplib
Binary: libcpp-httplib-dev libcpp-httplib0.18 libcpp-httplib0.18-dbgsym
Architecture: i386
Version: 0.18.7-1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-02)
Changed-By: Andrea Pappacoda
Description:
 libcpp-httplib-dev - C++ HTTP/HTTPS server and client library - development files
 libcpp-httplib0.18 - C++ HTTP/HTTPS server and client library
Closes: 1104926
Changes:
 cpp-httplib (0.18.7-1+deb13u1) trixie-security; urgency=medium
 .
   * fix CVE-2025-46728 (DoS via unbounded request line length).
     While this patch intended to enforce request body size limits for
     chunked Transfer-Encoding, it actually adds size limits for unique
     lines read from HTTP requests, solving another kind of DoS.
     See the GHSA-px83-72rx-v57c GitHub advisory for more details.
     Thanks to Yang Wang for the patch!
     Closes: #1104926
 .
   * fix CVE-2025-52887 (Unlimited number of HTTP headers causes memory leak).
     This patch adds a limit to the number of headers which can be passed
     in an HTTP request, mitigating a possible DoS due to memory exhaustion.
     See bug #1109340 and the GHSA-xjhg-gf59-p92h GitHub advisory for more
     details.
 .
   * fix CVE-2025-53629 (Unbounded Memory Allocation in Chunked Requests).
     This patch complements the fix for CVE-2025-46728, actually solving
     memory exhaustion attacks via chunked HTTP requests.
     See bug #1109340 and the GHSA-qjmq-h3cc-qv6w GitHub advisory for more
     details.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----